5G on-demand dynamically instantiated blockchain for highly distributed peer-to-peer consumer cloud

ABSTRACT

The technology described herein documents and verifies interactions in a cloud computing environment. The system creates a first partition within the cloud computing environment for a first entity and a second partition within the cloud computing environment for a second entity. A blockchain ledger can be created for a set of interactions between the first entity and the second entity, where the blockchain ledger is disengaged when the first entity and the second entity are not interacting. The system can receive a request from the first entity for an interaction with the second entity and can activate the blockchain ledger. In response to receiving consensus from a blockchain community within the cloud computing environment, the system can allow the interaction, where the interaction is appended to the blockchain ledger.

BACKGROUND

Cloud computing is the on-demand availability of computer system resources, such as data storage and computing power, without direct active management by the user. The term is generally used to describe data centers available to many users over the Internet. Large clouds often have functions distributed over multiple locations from central servers. Clouds can be limited to a single organization (enterprise clouds) or can be available to many organizations (public cloud). The goal of cloud computing is to allow users to benefit from various technologies without the need for deep knowledge about or expertise with each one of them. The cloud aims to cut costs and reduce the amount of time users spend on solving information technology issues.

BRIEF DESCRIPTION OF THE DRAWINGS

Embodiments of the present technology will be described and explained through the use of the accompanying drawings.

FIG. 1 is a block diagram that illustrates an overview of a cloud computing environment.

FIG. 2 is a block diagram that illustrates a network of peer nodes that can store a distributed ledger.

FIG. 3 is a block diagram illustrating an overview of an environment on which some implementations can operate.

FIG. 4 is a flow diagram illustrating a process used in some implementations for allocating resources in a cloud computing environment using a 5G network.

FIG. 5 is a flow diagram illustrating a process used in some implementations for documenting and verifying interactions in a cloud computing environment using a 5G network.

FIG. 6 is a block diagram that illustrates an example processing system in which aspects of the disclosed technology can be embodied.

The drawings, some components and/or operations can be separated into different blocks or combined into a single block when discussing some embodiments of the present technology. Moreover, while the technology is amenable to various modifications and alternative forms, specific embodiments have been shown by way of example in the drawings and are described in detail below. The intention, however, is not to limit the technology to the particular embodiments described herein. On the contrary, the technology is intended to cover all modifications, equivalents, and alternatives falling within the scope of the technology as defined by the appended claims.

DETAILED DESCRIPTION

The disclosed systems and methods allocate resources in a cloud computing environment using a 5G network. As millions and potentially billions of Internet of Things (IoT) devices become connected to the 5G network, cloud service providers will need to allocate resources carefully to provide service to all the devices. Telecom companies are uniquely positioned to provide various cloud services partitioned by entity (e.g., device, user, group of users, group of devices). A telecom provider can create a device service profile for a device (or a user service profile for a user) based on the location of the device and characteristics of interactions between the device (or the user) and the 5G network. The system can dynamically partition computing resources within the cloud computing environment (e.g., create mini clouds) for the device (or user) based on the profile and a time-of-day in the location of the device to provide on-demand access to content or services in the cloud computing environment to the device over the 5G network. For example, additional network and cloud resources can be provided to regions in the daytime or, in the case of an emergency or natural disaster, in the location of the device or user. This prioritization and scheduling of service allows for a cloud provider to service many customers, such as for customers with non-overlapping regions and typical time-of-day usage. If the user requests access to service or content during times that the computing resources are not partitioned for the device (or the user), the system can intelligently re-partition the computing resources from devices (or users) that are not using the computing resources partitioned for them.

To prevent cyber-attacks, using the massively scalable cloud solution for entities, blockchains can be used to validate interactions between entities in the cloud computing environment (e.g., connecting the dynamically partitioned computing resources for the mobile devices, network servers or any of the various other network-connected entities). In doing so, the system can create partitions (e.g., mini clouds) for each entity based on information collected by a 5G network. The system can create a blockchain ledger for interactions between entities, with each blockchain ledger being unique to the entities interacting with one another. When an entity requests an interaction with another entity or upon a different triggering event, the blockchain ledger for those entities can be activated from a dormant state (e.g., allocate computing resources to the blockchain ledger). After receiving consensus from a blockchain community, the interaction can be allowed and appended to the blockchain ledger. Additionally, various partitioned computing resources can act as nodes to approve or disapprove of the interactions using previous interactions and information related to the device or the person in the analysis. Creating an immutable record and providing a means for group-based validation of devices can be particularly helpful given the expected number of devices to be connected to the 5G network.

Thus, the described 5G enabled, massively distributed on-demand personal cloud system and method can provide more efficient and targeted resource allocation and thereby better access to content and services for end users. This is done using device and user profiles created by the present system, within the 5G network, and stored in a unified data management database. Based on the profiles, the system can then partition computing resources on a per-user or per-device basis and using time-of-day partitioning. Distributed ledger technology can be used to further safeguard the 5G network by authenticating entities using consensus mechanisms before the entities are allowed to interact. Additional techniques to safeguard the 5G network are described in U.S. patent application Ser. No. 16/864,083, filed Apr. 30, 2020, entitled “5G-Enabled Massively Distributed On-Demand Personal Cloud System and Method,” which is incorporated by reference in its entirety for all purposes.

Various embodiments of the disclosed systems and methods are described. The following description provides specific details for a thorough understanding and an enabling description of these embodiments. One skilled in the art will understand, however, that the invention can be practiced without many of these details. Additionally, some well-known structures or functions may not be shown or described in detail for the sake of brevity. The terminology used in the description presented below is intended to be interpreted in its broadest reasonable manner, even though it is being used in conjunction with a detailed description of certain specific embodiments of the invention.

Although not required, embodiments are described below in the general context of computer-executable instructions, such as routines executed by a general-purpose data processing device, e.g., a networked server computer, mobile device, or personal computer. Those skilled in the relevant art will appreciate that the invention can be practiced with other communications, data processing, or computer system configurations, including Internet appliances, handheld devices, wearable computers, all manner of cellular or mobile phones, multi-processor systems, microprocessor-based or programmable consumer electronics, set-top boxes, network PCs, mini-computers, mainframe computers, media players and the like. Indeed, the terms “computer,” “server,” and the like are generally used interchangeably herein and refer to any of the above devices and systems, as well as any data processor.

While aspects of the disclosed embodiments, such as certain functions, can be performed exclusively or primarily on a single device, some embodiments can also be practiced in distributed environments where functions or modules are shared among disparate processing devices, which are linked through a communications network, such as a local area network (LAN), wide area network (WAN), or the Internet. In a distributed computing environment, program modules can be located in both local and remote memory storage devices.

Aspects of the invention can be stored or distributed on tangible computer-readable media, including magnetically or optically readable computer discs, hardwired or preprogrammed chips (e.g., EEPROM semiconductor chips), nanotechnology memory, biological memory, or other data storage media. In some embodiments, computer-implemented instructions, data structures, screen displays, and other data under aspects of the invention can be distributed over the Internet or over other networks (including wireless networks), on a propagated signal on a propagation medium (e.g., an electromagnetic wave(s), a sound wave) over a period of time, or they can be provided on any analog or digital network (packet-switched, circuit-switched, or other scheme).

Cloud Computing

FIG. 1 illustrates an overview of a cloud computing environment. As illustrated, computing cloud 102 can include servers 104 and storage 106. Servers 104 and storage 106 can be coupled with each other directly using, for example, cables (not shown) or indirectly via one or more wired or wireless, local or wide area networks (not shown). Each server 104 can be configured to host one or more virtual machines 110. Each virtual machine 110 can be configured to host one or more instances of application service 112, or partitions thereof, to be described more fully below. Storage 106 can store state data 116 of application service 112. Each instance of application service 112 can service some client applications 122 operating on respective client devices 120. Client devices 120 can be selectively coupled with servers 104 via one or more wired or wireless, local or wide area networks (not shown). Client devices 120 can include any type of electronic device that can communicate wirelessly with a network node and/or with another electronic device in a cellular, computer, and/or mobile communications system. Examples of the client devices 120 includes smartphones (e.g., APPLE IPHONE, SAMSUNG GALAXY), tablet computers (e.g., APPLE IPAD, SAMSUNG NOTE, AMAZON FIRE, MICROSOFT SURFACE), wireless devices capable of machine-to-machine (M2M) communication, wearable electronic devices, IoT devices, and other devices capable of accessing the network(s).

Computing cloud 102 can further include cloud controller 130 having controller functions 132 configured to control allocation of various hardware and or software resources of computing cloud 102 (e.g., resources of servers 104, storage 106, and the networks coupling them) for deployment of virtual machines 110, application service 112, and performance monitors 114, and/or operating these elements.

In some implementations, each virtual machine 110 can include a performance monitor 114 configured to observe, collect, and report performance information associated with the service provided to client applications 122, by the partitions of application service 112. In alternative implementations, each server 102 can be provided with a performance monitor 114 configured to observe, collect, and report performance information associated with the service provided to client applications 122, by the partitions of application service 112 hosted by the virtual machines 110 deployed thereon, instead.

Computing cloud 102 can include service monitor 140 having optimization function 142, configured to receive the performance information collected and reported by performance monitors 114, and in response, dynamically identify and request resource adjustments to cloud controller 130 to adjust the deployments and/or allocation of the various hardware and/or software resources to the deployments of the various instances of (the partitions) of application service 112 to improve the performance of the service provided to client applications 122 by the instances of application service 112. Application service 112 can be any number of application services known in the art, including but not limited to content distribution and e-commerce services.

Distributed Ledger

A digital distributed ledger stores digital records of things such as transactions and interactions that are distributed and maintained among nodes of a computer network, where the entries are stored in blocks of the ledger that are cryptographically related. A public blockchain is a common example of a distributed ledger that can record transactions (e.g., interactions) between parties in a verifiable and permanent way. Specifically, a blockchain system has a decentralized, distributed database where a ledger is maintained by peer nodes. Hence, an intermediary is not required to maintain a blockchain. The transactions are typically authenticated with cryptographic hashing and mining techniques.

A blockchain is analogous to a distributed database on a distributed computing system that maintains a continuously growing list of ordered records called blocks. A block of a blockchain includes records of transaction(s) or other recorded data (e.g., condition data). Each block contains at least one timestamp, and a block links to a previous block to thus form a chain of blocks. Blockchains are inherently resistant to modification of their recorded data. That is, once recorded, the data in a block cannot be altered retroactively. Through a peer network and distributed timestamping, a blockchain is managed in an autonomous manner.

Decentralized consensus can be achieved with a blockchain. This makes blockchains suitable for recording events, condition records, other records management activities, identity management, transaction processing, and proving data provenance. Well-known examples of decentralized systems that implement blockchains include Bitcoin and Ethereum cryptocurrencies. These types of systems provide a pragmatic solution for arriving at a consensus in the face of trust and timing problems typically encountered in distributed networks.

FIG. 2 illustrates a network 200 of interconnected peer nodes 202-1 through 202-6 (also referred to collectively as peer nodes 202 and individually as peer node 202). The peer nodes 202 can be distributed across various geographic locations including regions all over the world. The network 200 can include a combination of private, public, wired, or wireless portions. Data communicated over a network 200 can be encrypted or unencrypted at various locations or portions of the network. Each peer node 202 can include combinations of hardware and/or software to process data, perform functions, communicate over the network 200, and the like.

The peer nodes 202 can include computing devices such as servers, desktop or laptop computers (e.g., APPLE MACBOOK, LENOVO 440), handheld mobile devices (e.g., APPLE IPHONE, SAMSUNG GALAXY), and any other electronic device. Any component of the network 200 can include a processor, memory or storage, a network transceiver, a display, operating system and application software (e.g., for providing a user interface), and the like. Other components, hardware, and/or software included in the network 200 that are well known to persons skilled in the art are not shown or discussed herein for the sake of brevity.

The network 200 can implement a blockchain that allows for the secure management of a shared ledger, where transactions are verified and stored on the network 200 without a governing central authority. Blockchains can be implemented in different configurations, ranging from public, open-source networks to private blockchains that require explicit permission to read or write transactions. Central to a blockchain are cryptographic hash functions that secure the network 200, in addition to enabling transactions, to protect a blockchain's integrity and anonymity.

The network 200 can utilize cryptography to securely process data. For example, public-key cryptography uses asymmetric key algorithms, where a key used by one party to perform either encryption or decryption is not the same as the key used by another in the counterpart operation. Each party has a pair of cryptographic keys: a public encryption key and a private decryption key. For example, a key pair used for digital signatures consists of a private signing key and a public verification key. The public key can be widely distributed, while the private key is known only to its proprietor. The keys are related mathematically, but the parameters are chosen so that calculating the private key from the public key is unfeasible. Moreover, the keys could be expressed in various formats, including hexadecimal format.

System Overview

FIG. 3 is a block diagram that illustrates a system that can allocate resources in a cloud computing environment using a 5G network and can validate and record interactions between entities in the cloud computing environment using a distributed ledger. The system 300 includes client devices 302-1 and 302-2 (collectively 302) that are communicatively coupled to one or more networks 304 via network access nodes 306-1 and 306-2 (referred to collectively as network access nodes 306).

Client device 302 is any type of electronic device that can communicate wirelessly with a network node and/or with another electronic device in a cellular, computer, and/or mobile communications system. Examples of the client device 302 include smartphones (e.g., APPLE IPHONE, SAMSUNG GALAXY), tablet computers (e.g., APPLE IPAD, SAMSUNG NOTE, AMAZON FIRE, MICROSOFT SURFACE), wireless devices capable of machine-to-machine (M2M) communication, wearable electronic devices, IoT devices, and any other device that is capable of accessing the network(s) 204. Although only two client devices 302 are illustrated in FIG. 3, the disclosed embodiments can include any number of client devices.

Client device 302 can store and transmit (e.g., internally and/or with other electronic devices over a network) code (composed of software instructions) and data using machine-readable media, such as non-transitory machine-readable media (e.g., machine-readable storage media such as magnetic disks, optical disks, read-only memory (ROM), flash memory devices, and phase change memory) and transitory machine-readable transmission media (e.g., electrical, optical, acoustical, or other forms of propagated signals, such as carrier waves or infrared signals).

Client device 302 can include hardware such as one or more processors coupled to sensors and a non-transitory machine-readable media to store code and/or sensor data, user input/output (I/O) devices (e.g., a keyboard, a touchscreen, and/or a display), and network connections (e.g., an antenna) to transmit code and/or data using propagating signals. The coupling of the processor(s) and other components is typically through one or more busses and bridges (also referred to as bus controllers). Thus, a non-transitory machine-readable medium of a given electronic device typically stores instructions for execution on a processor(s) of that electronic device. One or more parts of an embodiment of the present disclosure can be implemented using different combinations of software, firmware, and/or hardware.

Network access nodes 306 can be any type of radio network node that can communicate with a wireless device (e.g., client device 302) and/or with another network node. The network access nodes 206 can be a network device or apparatus. Examples of network access nodes include a base station (e.g., network access node 306-1), an access point (e.g., network access node 306-2), or any other type of network node such as a network controller, radio network controller (RNC), base station controller (BSC), a relay, transmission points, and the like.

The system 300 depicts different types of wireless access nodes 306 to illustrate that the client device 302 can access different types of networks through different types of network access nodes. For example, a base station (e.g., the network access node 306-1) can provide access to a cellular telecommunications system of the network(s) 304. An access point (e.g., the network access node 306-2) is a transceiver that provides access to a computer system of the network(s) 304.

Network(s) 304 can be a 5G network. In some implementations, network(s) 304 can include any combination of private, public, wired, or wireless systems such as a cellular network, a computer network, the Internet, and the like. Any data communicated over the network(s) 304 can be encrypted or unencrypted at various locations or along different portions of the networks. Examples of wireless systems include Wideband Code Division Multiple Access (WCDMA), High Speed Packet Access (HSPA), Wi-Fi, Wireless Local Area Network (WLAN), and Global System for Mobile Communications (GSM), GSM Enhanced Data Rates for Global Evolution (EDGE) Radio Access Network (GERAN), 4G or 5G wireless wide area networks (WWAN), and other systems that can also benefit from exploiting the scope of this disclosure.

Network(s) 304 can include a Unified Data Management (UDM) component that manages network user data in a single, centralized element and stores such data in a UDM database. The UDM database can collect data from client device 302 such as a location of the device, characteristics of use of the device with the 5G network (e.g., when the device typically requests content or services, when the device is in a sleep mode or turned off, types of or identities of other devices the device sends messages to or receives messages from, amount of data typically used), payment methods, payment plans, subscription plans with a provider of the 5G network, demographics of the user, user preferences including privacy preferences, or other devices on the subscription plan.

The system 300 includes distributed ledgers 308 (e.g., blockchains) that store interactions between entities such as client device 302, other devices, users, or groups of devices or users. The blockchains are generated by requests for interaction between entities (e.g., a blockchain for interactions between client device 302-1 and client device 302-2) and new blocks (e.g., allowed interactions) are communicated to the distributed ledger 308 via the network access nodes 306. The distributed ledger 308 is distributed over a combination of network nodes (e.g., peer nodes 202) that access or store device profile data or user profile data across other network nodes of a peer-to-peer network. The network nodes of the distributed ledger 308 can each replicate and store an identical copy of the interaction data and update independently. Although shown in the network(s) 304, the distributed ledger 308 can be located anywhere to maintain a tamper-proof copy of condition data.

The system 300 includes a computing cloud 310 that can dynamically partition computing resources for client devices 302 or users associated with client devices 302 (e.g., creating mini clouds on a per user or per device basis). Computing resources can include servers, applications, bandwidth on the 5G network, storage, among other resources. In some implementations, computing cloud 310 can allow interactions between client devices 302 after network nodes have reached consensus that the requesting devices are valid and are not under cyber-attack and have recorded this in distributed ledgers 308. To partition computing resources, the system can identify how many client devices 302 or users associated with client devices 302 are requesting services at one time, the computing resources required by each client device 302 or user associated with client device 302, and whether adequate computing resources are available based on the demand. The system can then assign computing resources to the client devices 302 or users associated with client devices 302 according to a priority of the client device 302 or the user associated with client device 302 if insufficient computing resources are available.

In some embodiments, computing cloud 310 can include any number of server computers (and other components as described with respect to FIG. 1) communicatively coupled to the client device 302 via the network access nodes 306. The computing cloud 310 can include combinations of hardware and/or software to process condition data, perform functions, communicate over the network(s) 304, etc. For example, server computers of the computing cloud 310 can include a processor, memory or storage, a transceiver, a display, operating system, application software, modules such as a registration module, profile module, partitioning module, and the like. Other components, hardware, and/or software included in the system 300 that are well known to persons skilled in the art are not shown or discussed herein for brevity. Moreover, although shown as being included in the network(s) 304, the computing cloud 310 can be located anywhere in the system 300 to implement the disclosed technology.

Network 304 or computing cloud 310 can create a device service profile and/or a user service profile using information from the UDM database such as the location of the device and characteristics of use with the 5G network. The system can also create profiles for groups of devices or groups of users. In some implementations, the device service profile, the user service profile, and/or groups of user or device profiles can be stored in the UDM database. Computing cloud 310 can access the profiles to partition computing resources within the computing cloud 310 on a per user/per device/per group of users/per group of devices basis and use the profile to partition computing resources within the computing cloud 310 for the device, user, group of devices, or group of users. In some implementations, network performance (e.g., latency requirements, jitter requirements, quality of service) can be defined based on the device service profile or the user service profile. Thus, a 5G network can track and record a device's or user's location, fetch and retrieve profiles from the UDM, and assist in the identification of the user's or device's service requirement based on factors (e.g., profile, demographics, user preferences, service subscription, payment method, location).

The partitions can be based on the profiles, a time-of-day and/or the location of the device, a time-of-day in the location of the device, and other factors as relevant to provide on-demand access to content or services in the cloud computing environment to the device over network 304. In some implementations, the system can allocate resources such that a network access node 306 intelligently provides the service or content. Thus, the system can instantiate 5G mobile edge computing such as a base station as a peering point based on a location detected by the 5G core. In allocating the resources, the system can determine whether a requested service will require more resources than are available (e.g., does the request include a request for real-time media transmission such as video call or is the request a request for non-real-time media transmission such as email which requires far less resources and then compare the requested resources with available resources). In cases where the adequate resources to service the request are unavailable at the moment, the system can send a notification instructing the user or the device to resubmit the request when the resources are available. The system can determine a time in which the resources will become available based on previous prioritizations and can communicate this time to the user or the device so that the user or the device does not resubmit the request multiple times, saving computing resources from re-evaluating the same request numerous times. Once the user or device submits the request, the request is positioned in a queue that reserves resources.

The dynamic partitioning provides efficiencies by making resources available for users when the resources are needed and shifting those resources away from the user when the user likely does not need the resources. For example, a typical first user in time zone 1 accesses content and services during the day in the time zone 1 (as associated with their location) and does not access such content during the night. Thus, the system can partition resources for the first user during daytime in time zone 1 and release these resources during nighttime in time zone 1 for the first user. The system can partition the released resources for a similarly situated second user in an opposite time zone (e.g., time zone 2) such that when the resources are released from the first user (e.g., during the night for the first user), they are partitioned for the second user (e.g., during the day for the second user). In a further example, some devices have commonalities in which partitioning by group is helpful. For example, in many places, sprinkler systems water at times other than the heat of the day (e.g., in the evenings, at night or in the early mornings). The system can partition resources for connected sprinkler systems in a location from 8 p.m. to 8 a.m. Partitioning on a per user or per device basis and partitioning based on factors particular to the user or the device (or groups of each) allows for scalability, flexibility and use of the system by billions of devices.

If the user or device requests services or content during a time that the resources are not partitioned for the device or the user, the system can accommodate the user by temporarily shifting resources partitioned to another user or device that is not currently using the computing resources. The device's (or user's) request for access to content or services at a time when resources are not typically partitioned to the device or user can be documented in the UDM database. The system can change the user service profile or the device service profile should the request for interaction continue to occur at times the resources are not allocated to the user or device.

Some users will provide user preferences such as quality of service level preferences specifying times at which the user's quality of service level needs to be high and privacy preferences including opting out of location tracking services. Additional user preferences can include media preferences (e.g., audio vs. video vs. text). The system can reserve resources based on user preferences. That is, if a user preference indicates that the user's preference is video but available resources are sufficient only for audio, the system can send a request asking whether audio is sufficient or whether the user would prefer video. If the user selects video, the request can be placed in a queue. In some embodiments, an estimated wait time until sufficient resources are available can be provided to the user or the device. In some implementations, the system can allocate resources based on triggering events such as an emergency, natural disaster, or user-defined events. The triggering events can override the user's preferences. For example, if the system detects (e.g., via a news outlet or information from providing typical services) that the device or user is in the path of a natural disaster, location tracking can be engaged regardless of a user's privacy preferences. Additionally, additional resources can be allocated to all devices or users in a location within a radius of the natural disaster. Dynamically partitioning computing resources by device, user, groups of devices or groups of users provides access to content and services to billions of devices.

The system can use distributed ledger technology to prevent or reduce cyber-attacks and fraud. For example, as discussed above, partitions of computing resources can be created for each entity (e.g., device, user, group of devices or users). The system can create a blockchain ledger for interactions between each entity that can be engaged when one of the entities attempts an interaction with another entity or upon a different triggering event and can be disengaged when the entities are not interacting, therefore reducing computing power consumption and computing resources required to validate transactions. Thus, a blockchain ledger can be “disengaged” when computing resources used for authenticating the entities for interactions (e.g., the nodes that provide consensus) are not allocated to the blockchain ledger. The blockchain ledger can be “engaged” or “reengaged” when the computing resources again become available or upon a next interaction request between the entities, assuming that computing resources are available or can be made available.

When the system receives a request for an interaction between one entity and another entity (e.g., client device 302-1 attempts a call with client device 302-2), the system can create a blockchain ledger that is specific to interactions between these two devices, or if the blockchain ledger is already created (e.g., the two entities have previously interacted), the system can engage the blockchain ledger. Various network nodes in the blockchain community in the cloud computing environment can evaluate the entities and the request to ensure that the entities are not under cyber-attack and that the request is valid (e.g., this type of request is expected from this device). In response to receiving consensus from nodes within the blockchain community within the cloud computing environment that the request is valid and the devices are not under a cyber-attack, the system can allow the interaction and a block noting the interaction can be appended to the blockchain ledger. The nodes can use information in the UDM database such as profile information as well as other interactions between the devices to validate the interaction and authenticate the devices. The Access and Mobility Management Function (AMF) of the 5G network (or other management system) can engage or disengage the blockchain ledger according to the user profile as specified by the UDM. Additionally, the Policy Control Function of the 5G network (or other policy system) can dynamically update policies according to the 5G network resource availability. In some implementations, computing resources (e.g., mini-clouds) for the entities can be the nodes and can be used to authenticate the interactions between the entities.

In response to not receiving consensus from the blockchain community, the system can disallow the interaction and allocate resources to determine whether the device is under or at risk of a cyber-attack (e.g., review interactions such as use of the 5G network or responses to status checks, check the status of a manufacturer or provider of the device). Using a blockchain or similar technology to validate entities prior to interactions increases the security of the 5G network.

The blockchain ledgers can stay dormant until a triggering event occurs (e.g., one entity requests an interaction with another entity). Other triggering events include emergency situations. For example, the system can determine the user has been in a car accident (e.g., the user's car system calls emergency services) and thus, the system can intelligently conclude that the user will call the user's insurance company. Thus, the blockchain ledger can be created or re-engaged (e.g., allocate resources for the blockchain ledger) before the request is made. Additional triggering events can be based on expected user's user preferences such as preferences for media type (e.g., gaming, content streaming services such as Netflix, electronic books, music streaming). For example, the system can identify when a user who plays on-line games will be playing and can engage a blockchain ledger to address these interactions. Another type of triggering event can include events that are particularized to the user such as special occasions (e.g., the user's birthday or birthdays of friends and family of the user). The system can identify these events and can allocate additional resources for the user on such days, expecting that the user will interact with additional entities and that blockchains legers will be engaged. In some embodiments, the system can use historical interactions in developing allocating policies.

Those skilled in the art will appreciate that the components illustrated in FIGS. 1-3 described above, and in each of the flow diagrams discussed below, may be altered in a variety of ways. For example, the order of the logic may be rearranged, substeps may be performed in parallel, illustrated logic may be omitted, other logic may be included, etc. In some implementations, one or more of the components described above can execute one or more of the processes described below.

FIG. 4 is a flow diagram illustrating a process used in some implementations for allocating resources in a cloud computing environment using a 5G network. Receiving operation 402 receives a registration request from a device to connect to a 5G network. After performing a registration process, the system can connect the device to the 5G network in connecting operation 404. Collecting operation 406 collects data related to the device. The data can include a location of the device, characteristics of use of the device with the 5G network (e.g., when the device typically requests content or services, when the device is in a sleep mode or turned off, other devices the device sends messages to or receives messages from, amount of data typically used), payment methods, payment plans, subscription plan with a provider of the 5G network, demographics of the user, user preferences including privacy preferences, or other devices on the subscription plan.

Creating operation 408 can create a device service profile of the device (or a user service profile of the user associated with the device) based on at least some of the data associated with the device (or the user). The data associated with the device and the device service profile or the user service profile can be stored in a UDM database of the 5G network. Partitioning operation 410 dynamically partitions computing resources within the cloud computing environment (e.g., storage, bandwidth, servers, applications) for the device based on the device service profile and a time-of-day in the location of the device, thereby providing on-demand access to content or services in the cloud computing environment to the device over the 5G network. When the device requests access to service or content during times that the computing resources are not allocated to the device, the system can re-partition the computing resources to provide the on-demand access (e.g., device is requesting or pulling resources).

FIG. 5 is a flow diagram illustrating a process used in some implementations for documenting and verifying interactions in a cloud computing environment using a 5G network. Creating operation 502 creates a first partition of computing resources for a first entity (e.g., device, user, group of devices, group of users). Creating operation 504 creates a second partition of the computing resources for a second entity. Causing operation 506 causes a blockchain ledger to be created for interactions between the first entity and the second entity. The blockchain ledger can be disengaged when the first entity and the second entity are not interacting and engaged when the first entity and second entity are interacting. Receiving operation 508 receives a request from the first entity for an interaction with the second entity. In response to receiving the request, activating operation 510 activates the blockchain ledger. In response to receiving consensus from the blockchain community within the cloud computing environment, allowing operation 512 allows the interaction.

FIG. 6 is a block diagram that illustrates an example of a processing system 600 in which at least some operations described herein can be implemented. The processing system 600 represents a system that can run any of the methods/algorithms described herein. For example, any network access device (e.g., client device 302, access node 306-2) or network component (access node 306-1 or computing cloud 310) can include or be part of a processing system 600. The processing system 600 can include one or more processing devices, which can be coupled to each other via a network or multiple networks. A network can be referred to as a communication network or telecommunications network.

In the illustrated embodiment, the processing system 600 includes one or more processors 602, memory 604, a communication device 606, and one or more input/output (I/O) devices 608, all coupled to each other through an interconnect 610. The interconnect 610 can be or include one or more conductive traces, buses, point-to-point connections, controllers, adapters and/or other conventional connection devices. Each of the processor(s) 602 can be or include, for example, one or more general-purpose programmable microprocessors or microprocessor cores, microcontrollers, application-specific integrated circuits (ASICs), programmable gate arrays, or the like, or a combination of such devices.

The processor(s) 602 control the overall operation of the processing system 500. Memory 504 can be or include one or more physical storage devices, which can be in the form of random-access memory (RAM), read-only memory (ROM) (which can be erasable and programmable), flash memory, miniature hard disk drive, or other suitable type of storage device, or a combination of such devices. Memory 604 can store data and instructions that configure the processor(s) 602 to execute operations in accordance with the techniques described above. The communication device 606 can be or include, for example, an Ethernet adapter, cable modem, Wi-Fi adapter, cellular transceiver, Bluetooth transceiver, or the like, or a combination thereof. Depending on the specific nature and purpose of the processing system 600, the I/O devices 608 can include devices such as a display (which can be a touch screen display), audio speaker, keyboard, mouse or other pointing devices, microphone, camera, etc.

While processes or blocks are presented in a given order, alternative embodiments can perform routines having steps or employ systems having blocks, in a different order, and some processes or blocks can be deleted, moved, added, subdivided, combined and/or modified to provide alternative or sub-combinations, or can be replicated (e.g., performed multiple times). Each of these processes or blocks can be implemented in a variety of different ways. In addition, while processes or blocks are at times shown as being performed in series, these processes or blocks can instead be performed in parallel or can be performed at different times. When a process or step is “based on” a value or a computation, the process or step should be interpreted as based at least on that value or that computation.

Software or firmware to implement the techniques introduced here can be stored on a machine-readable storage medium and can be executed by one or more general-purpose or special-purpose programmable microprocessors. A “machine-readable medium”, as the term is used herein, includes any mechanism that can store information in a form accessible by a machine (a machine can be, for example, a computer, network device, cellular phone, personal digital assistant (PDA), manufacturing tool, any device with one or more processors, etc.). For example, a machine-accessible medium includes recordable/non-recordable media (e.g., read-only memory (ROM), random-access memory (RAM), magnetic disk storage media, optical storage media, flash memory devices), etc.

Note that any and all of the embodiments described above can be combined with each other, except to the extent that it may be stated otherwise above, or to the extent that any such embodiments might be mutually exclusive in function and/or structure. Although the present invention has been described with reference to specific exemplary embodiments, it will be recognized that the invention is not limited to the embodiments described but can be practiced with modification and alteration within the spirit and scope of the disclosed embodiments. Accordingly, the specification and drawings are to be regarded in an illustrative sense rather than a restrictive sense.

Physical and functional components (e.g., devices, engines, modules, and data repositories) associated with processing system 600 can be implemented as circuitry, firmware, software, other executable instructions, or any combination thereof. For example, the functional components can be implemented in the form of special-purpose circuitry, in the form of one or more appropriately programmed processors, a single board chip, a field-programmable gate array, a general-purpose computing device configured by executable instructions, a virtual machine configured by executable instructions, a cloud computing environment configured by executable instructions, or any combination thereof. For example, the functional components described can be implemented as instructions on a tangible storage memory capable of being executed by a processor or other integrated circuit chip. The tangible storage memory can be computer-readable data storage. The tangible storage memory can be a volatile or non-volatile memory. In some embodiments, the volatile memory can be considered “non-transitory” in the sense that it is not a transitory signal. Memory space and storage described in the figures can be implemented with the tangible storage memory as well, including volatile or non-volatile memory.

Each of the functional components can operate individually and independently of other functional components. Some or all of the functional components can be executed on the same host device or on separate devices. The separate devices can be coupled through one or more communication channels (e.g., wireless or wired channel) to coordinate their operations. Some or all of the functional components can be combined as one component. A single functional component can be divided into sub-components, each sub-component performing separate method steps or a method step of the single component.

In some embodiments, at least some of the functional components share access to a memory space. For example, one functional component can access data accessed by or transformed by another functional component. The functional components can be considered “coupled” to one another if they share a physical connection or a virtual connection, directly or indirectly, allowing data accessed or modified by one functional component to be accessed in another functional component. In some embodiments, at least some of the functional components can be upgraded or modified remotely (e.g., by reconfiguring executable instructions that implement a portion of the functional components). Other arrays, systems, and devices described above can include additional, fewer, or different functional components for various applications.

Aspects of the disclosed embodiments may be described in terms of algorithms and symbolic representations of operations on data bits stored in memory. These algorithmic descriptions and symbolic representations generally include a sequence of operations leading to the desired result. The operations require physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electric or magnetic signals that are capable of being stored, transferred, combined, compared, and otherwise manipulated. Customarily, and for convenience, these signals are referred to as bits, values, elements, symbols, characters, terms, numbers, or the like. These and similar terms are associated with physical quantities and are merely convenient labels applied to these quantities.

Conclusion

Unless the context clearly requires otherwise, throughout the description and the claims, the words “comprise,” “comprising,” and the like are to be construed in an inclusive sense, as opposed to an exclusive or exhaustive sense; that is to say, in the sense of “including, but not limited to.” As used herein, the terms “connected,” “coupled,” or any variant thereof, means any connection or coupling, either direct or indirect, between two or more elements; the coupling of connection between the elements can be physical, logical, or a combination thereof. Additionally, the words “herein,” “above,” “below,” and words of similar import, when used in this application, shall refer to this application as a whole and not to any particular portions of this application. Where the context permits, words in the above Detailed Description using the singular or plural number can also include the plural or singular number respectively. The word “or,” in reference to a list of two or more items, covers all of the following interpretations of the word: any of the items in the list, all of the items in the list, and any combination of the items in the list.

The above-detailed description of embodiments of the system is not intended to be exhaustive or to limit the system to the precise form disclosed above. While specific embodiments of, and examples for, the system are described above for illustrative purposes, various equivalent modifications are possible within the scope of the system, as those skilled in the relevant art will recognize. For example, some network elements are described herein as performing certain functions. Those functions could be performed by other elements in the same or differing networks, which could reduce the number of network elements. Alternatively, or additionally, network elements performing those functions could be replaced by two or more elements to perform portions of those functions. In addition, while processes, message/data flows, or blocks are presented in a given order, alternative embodiments may perform routines having steps, or employ systems having blocks, in a different order, and some processes or blocks may be deleted, moved, added, subdivided, combined, and/or modified to provide alternative or sub-combinations. Each of these processes, message/data flows, or blocks may be implemented in a variety of different ways. Also, while processes or blocks are at times shown as being performed in series, these processes or blocks may instead be performed in parallel or may be performed at different times. Further any specific numbers noted herein are only examples: alternative implementations may employ differing values or ranges. Those skilled in the art will also appreciate that the actual implementation of a database can take a variety of forms, and the term “database” is used herein in the generic sense to refer to any data structure that allows data to be stored and accessed, such as tables, linked lists, arrays, etc.

The teachings of the methods and system provided herein can be applied to other systems, not necessarily the system described above. The elements and acts of the various embodiments described above can be combined to provide further embodiments.

Any patents and applications and other references noted above, including any that may be listed in accompanying filing papers, are incorporated herein by reference. Aspects of the technology can be modified, if necessary, to employ the systems, functions, and concepts of the various references described above to provide yet further embodiments of the technology.

These and other changes can be made to the invention in light of the above Detailed Description. While the above description describes certain embodiments of the technology, and describes the best mode contemplated, no matter how detailed the above appears in text, the invention can be practiced in many ways. Details of the system may vary considerably in its implementation details, while still being encompassed by the technology disclosed herein. As noted above, particular terminology used when describing certain features or aspects of the technology should not be taken to imply that the terminology is being redefined herein to be restricted to any specific characteristics, features, or aspects of the technology with which that terminology is associated. In general, the terms used in the following claims should not be construed to limit the invention to the specific embodiments disclosed in the specification, unless the above Detailed Description section explicitly defines such terms. Accordingly, the actual scope of the invention encompasses not only the disclosed embodiments but also all equivalent ways of practicing or implementing the invention under the claims.

While certain aspects of the technology are presented below in certain claim forms, the inventors contemplate the various aspects of the technology in any number of claim forms. For example, while only one aspect of the invention is recited as embodied in a computer-readable medium, other aspects can likewise be embodied in a computer-readable medium. Accordingly, the inventors reserve the right to add additional claims after filing the application to pursue such additional claim forms for other aspects of the technology. 

We claim:
 1. A method of documenting and verifying interactions in a cloud computing environment, the method comprising: creating a first partition of computing resources within the cloud computing environment for a first entity based on a first profile of the first entity, wherein the first profile is created using first data collected by a 5G network; creating a second partition of the computing resources within the cloud computing environment for a second entity based on a second profile with the second entity, wherein the second profile is created using second data collected by the 5G network; causing to be created a blockchain ledger for a set of interactions between the first entity and the second entity, wherein the blockchain ledger is disengaged when the first entity and the second entity are not interacting; receiving, within the cloud computing environment, a request from the first entity for an interaction with the second entity; in response to receiving the request from the first entity for the interaction with the second entity, activating the blockchain ledger; and in response to receiving consensus from a blockchain community within the cloud computing environment, allowing the interaction, wherein the interaction is appended to the blockchain ledger.
 2. The method of claim 1, further comprising: in response to not receiving consensus from the blockchain community, disallowing the interaction; and determining whether the first entity and the second entity are under a cyber-attack.
 3. The method of claim 1, wherein the first entity is a user, wherein the method further comprises: creating the first profile based on at least one of: user preferences, demographics, service subscription with a 5G network service provider, payment method, or location of a device associated with the user.
 4. The method of claim 1, wherein the first entity is an Internet-of-Things (“IoT”) device, wherein the method further comprises: creating the first profile based on interactions of the IoT device with the 5G network, a location of the IoT device, service subscription with a 5G network service provider, and a payment method for the service subscription.
 5. The method of claim 1, wherein the first entity is an Internet-of-Things (“IoT”) device, wherein the method further comprises: dynamically partitioning computing resources within the cloud computing environment for the IoT device based on the first profile, and a time-of-day in a location of the IoT device, to thereby provide on-demand access to content or services in the cloud computing environment to the IoT device over the 5G network.
 6. The method of claim 1, wherein: the blockchain community providing consensus includes at least some of the computing resources within the cloud computing environment, the at least some of the computing resources use interactions between the first entity and other entities to determine whether the interaction can occur.
 7. The method of claim 1, further comprising: receiving a triggering event that causes the blockchain ledger to re-engage, wherein the triggering event includes receiving a second request from the first entity for a second interaction with the second entity.
 8. At least one non-transitory, computer-readable medium, storing instructions, which when executed by at least one data processor, performs a method of documenting and verifying interactions in a cloud computing environment, the method comprising: creating a first partition of computing resources within the cloud computing environment for a first entity based on a first profile of the first entity, wherein the first profile is created using first data collected by a 5G network; creating a second partition of the computing resources within the cloud computing environment for a second entity based on a second profile with the second entity, wherein the second profile is created using second data collected by the 5G network; causing to be created a blockchain ledger for a set of interactions between the first entity and the second entity, wherein the blockchain ledger is disengaged when the first entity and the second entity are not interacting; receiving, within the cloud computing environment, a request from the first entity for an interaction with the second entity; in response to receiving the request from the first entity for the interaction with the second entity, activating the blockchain ledger; and in response to receiving consensus from a blockchain community within the cloud computing environment, allowing the interaction, wherein the interaction is appended to the blockchain ledger.
 9. The at least one non-transitory, computer-readable medium of claim 8, wherein the method further comprises: in response to not receiving consensus from the blockchain community, disallowing the interaction; and determining whether the first entity and the second entity are under a cyber-attack.
 10. The at least one non-transitory, computer-readable medium of claim 8, wherein the first entity is a user, wherein the method further comprises: creating the first profile based on at least one of: user preferences, demographics, service subscription with a 5G network service provider, payment method, or location of a device associated with the user.
 11. The at least one non-transitory, computer-readable medium of claim 8, wherein the first entity is an Internet-of-Things (“IoT”) device, wherein the method further comprises: creating the first profile based on interactions of the IoT device with the 5G network, a location of the IoT device, service subscription with a 5G network service provider, and a payment method for the service subscription.
 12. The at least one non-transitory, computer-readable medium of claim 8, wherein the first entity is an Internet-of-Things (“IoT”) device, wherein the method further comprises: dynamically partitioning computing resources within the cloud computing environment for the IoT device based on the first profile, and a time-of-day in a location of the IoT device, to thereby provide on-demand access to content or services in the cloud computing environment to the IoT device over the 5G network.
 13. The at least one non-transitory, computer-readable medium of claim 8, wherein the first entity is a user, wherein the blockchain community providing consensus includes at least some of the computing resources within the cloud computing environment.
 14. The at least one non-transitory, computer-readable medium of claim 8, wherein the method further comprises: receiving a second request from the first entity for a second interaction with the second entity, wherein the blockchain ledger is re-engaged when the first entity and the second entity upon receiving the second request.
 15. A system for documenting and verifying interactions in a cloud computing environment, the system comprising: a memory; a processor in communication with the memory, the processor operable to execute software modules, the software modules comprising: a partition module configured to: create a first partition of computing resources within the cloud computing environment for a first entity based on a first profile of the first entity, wherein the first profile is created using first data collected by a 5G network, and create a second partition of the computing resources within the cloud computing environment for a second entity based on a second profile with the second entity, wherein the second profile is created using second data collected by the 5G network; and a distributed ledger module configured to: cause to be created a blockchain ledger for a set of interactions between the first entity and the second entity, wherein the blockchain ledger is disengaged when the first entity and the second entity are not interacting, receive, within the cloud computing environment, a request from the first entity for an interaction with the second entity, in response to receiving the request from the first entity for the interaction with the second entity, activate the blockchain ledger, and in response to receiving consensus from a blockchain community within the cloud computing environment, allow the interaction, wherein the interaction is appended to the blockchain ledger.
 16. The system of claim 15, wherein the distributed ledger module is further configured to: in response to not receiving consensus from the blockchain community, disallow the interaction, determine whether the first entity and the second entity are under a cyber-attack, and receive a second request from the first entity for a second interaction with the second entity, wherein the blockchain ledger is re-engaged when the first entity and the second entity upon receiving the second request.
 17. The system of claim 15, wherein the first entity is a user, wherein the partition module is further configured to: create the first profile based on at least one of: user preferences, demographics, service subscription with a 5G network service provider, payment method, or location of a device associated with the user.
 18. The system of claim 15, wherein the first entity is an Internet-of-Things (“IoT”) device, wherein the partition module is further configured to: create the first profile based on interactions of the IoT device with the 5G network, a location of the IoT device, service subscription with a 5G network service provider, and a payment method for the service subscription.
 19. The system of claim 15, wherein the first entity is an Internet-of-Things (“IoT”) device, wherein the partition module is further configured to: dynamically partition computing resources within the cloud computing environment for the IoT device based on the first profile, and a time-of-day in a location of the IoT device, to thereby provide on-demand access to content or services in the cloud computing environment to the IoT device over the 5G network.
 20. The system of claim 15, wherein the first entity is a user, wherein the blockchain community providing consensus includes at least some of the computing resources within the cloud computing environment. 